Skip to content

AppSettings Complete Reference

HomeDocumentationReference → AppSettings Reference

Complete reference for all appsettings.json configuration options in Cesivi Server.

Table of Contents


Quick Start

Minimal configuration to get started:

{
  "Cesivi": {
    "DataRootPath": "./MockData",
    "HttpPort": 5000
  }
}

Core Settings

{
  "Cesivi": {
    "DataRootPath": "./MockData",
    "LogPath": "./MockData/Logs/Server",
    "HostName": "localhost",
    "UseHttps": false,
    "HttpPort": 5000,
    "HttpsPort": 5001
  }
}
Option Type Default Description
DataRootPath string ./MockData Root path for all SharePoint data storage
LogPath string ./MockData/Logs/Server Path for server log files
HostName string localhost Server hostname for URL generation
UseHttps bool false Enable HTTPS
HttpPort int 5000 HTTP port
HttpsPort int 5001 HTTPS port

Environment Variable Overrides:

Cesivi__DataRootPath=/var/data/sharepoint
Cesivi__HttpPort=8080


Storage Configuration

{
  "Cesivi": {
    "StorageProvider": "FileSystem",
    "SqlitePath": "./Data/sharepoint.db",
    "LiteDbPath": "./Data/sharepoint.litedb",
    "SearchEngine": "TfIdf"
  }
}
Option Type Default Description
StorageProvider string FileSystem Storage backend: FileSystem, InMemory, Sqlite, LiteDb
SqlitePath string "" SQLite database file path (when using Sqlite provider)
LiteDbPath string "" LiteDB database file path (when using LiteDb provider)
SearchEngine string TfIdf Search engine implementation

See: Storage Providers Guide for detailed provider documentation.


Identity Providers

The Identity system supports multiple authentication providers with priority-based selection.

Overview

{
  "Cesivi": {
    "Identity": {
      "Providers": {
        "OAuth2": { ... },
        "NTLM": { ... },
        "AcceptAll": { ... }
      }
    }
  }
}

OAuth2/OIDC Provider

{
  "Cesivi": {
    "Identity": {
      "Providers": {
        "OAuth2": {
          "Enabled": false,
          "Priority": 50,
          "Authority": "https://login.microsoftonline.com/{tenant-id}/v2.0",
          "Audience": "api://cesivi",
          "ValidateIssuer": true,
          "ValidateAudience": true,
          "ValidateLifetime": true,
          "ValidIssuers": [],
          "ClockSkewMinutes": 5,
          "ClaimMappings": {
            "Username": "preferred_username",
            "Email": "email",
            "DisplayName": "name"
          }
        }
      }
    }
  }
}
Option Type Default Description
Enabled bool false Enable OAuth2 provider
Priority int 50 Provider priority (lower = higher priority)
Authority string required OIDC authority URL (e.g., Azure AD tenant URL)
Audience string required Expected token audience
ValidateIssuer bool true Validate token issuer
ValidateAudience bool true Validate token audience
ValidateLifetime bool true Validate token expiration
ValidIssuers string[] [] Additional valid issuers (empty = use Authority)
ClockSkewMinutes int 5 Allowed clock skew for token validation
ClaimMappings.Username string preferred_username Claim for username
ClaimMappings.Email string email Claim for email
ClaimMappings.DisplayName string name Claim for display name

See: OAuth2 Setup Guide

NTLM Provider

Configuration-Based Backend (Default)

{
  "Cesivi": {
    "Identity": {
      "Providers": {
        "NTLM": {
          "Enabled": true,
          "Priority": 100,
          "Backend": "Configuration",
          "Users": [
            {
              "Username": "administrator",
              "Domain": "SHAREPOINT",
              "DisplayName": "SharePoint Administrator",
              "Email": "admin@sharepoint.local",
              "Groups": ["Administrators", "Site Owners"]
            },
            {
              "Username": "testuser",
              "Domain": "CONTOSO",
              "DisplayName": "Test User",
              "Email": "testuser@contoso.com",
              "Groups": ["Users", "Contributors"]
            }
          ]
        }
      }
    }
  }
}

Active Directory Backend

{
  "Cesivi": {
    "Identity": {
      "Providers": {
        "NTLM": {
          "Enabled": true,
          "Priority": 100,
          "Backend": "ActiveDirectory",
          "ActiveDirectory": {
            "Server": "ldap://dc.contoso.com",
            "BaseDN": "DC=contoso,DC=com",
            "ServiceAccount": "CN=svc_spm,OU=ServiceAccounts,DC=contoso,DC=com",
            "ServiceAccountPassword": "your-password",
            "UserSearchFilter": "(sAMAccountName={0})",
            "GroupSearchFilter": "(member={0})",
            "UseSsl": true,
            "SkipCertificateValidation": false,
            "ConnectionTimeout": 30,
            "CacheTimeoutSeconds": 300
          }
        }
      }
    }
  }
}

Pure LDAP Backend (OpenLDAP, 389 DS, etc.)

{
  "Cesivi": {
    "Identity": {
      "Providers": {
        "NTLM": {
          "Enabled": true,
          "Priority": 100,
          "Backend": "LDAP",
          "ActiveDirectory": {
            "Server": "ldap://openldap.example.com:389",
            "BaseDN": "dc=example,dc=com",
            "ServiceAccount": "cn=admin,dc=example,dc=com",
            "ServiceAccountPassword": "admin-password",
            "UserSearchFilter": "(uid={0})",
            "GroupSearchFilter": "(memberUid={0})",
            "UseSsl": false,
            "CacheTimeoutSeconds": 300
          }
        }
      }
    }
  }
}
Option Type Default Description
Enabled bool false Enable NTLM provider
Priority int 100 Provider priority
Backend string Configuration Backend type: Configuration, ActiveDirectory, AD, LDAP

Configuration Backend Options:

Option Type Description
Users[].Username string Login name (without domain)
Users[].Domain string Domain/workgroup name
Users[].DisplayName string Full display name
Users[].Email string Email address
Users[].Groups string[] Group memberships

ActiveDirectory/LDAP Backend Options:

Option Type Default Description
Server string ldap://localhost LDAP server URI
BaseDN string required Base DN for searches
ServiceAccount string null Service account DN (null = anonymous bind)
ServiceAccountPassword string null Service account password
UserSearchFilter string (sAMAccountName={0}) User search filter ({0} = username)
GroupSearchFilter string (member={0}) Group search filter ({0} = user DN)
UseSsl bool false Enable SSL/TLS
SkipCertificateValidation bool false Skip SSL cert validation (dev only!)
ConnectionTimeout int 30 Connection timeout (seconds)
CacheTimeoutSeconds int 300 Cache TTL (0 = disabled)

See: NTLM Setup Guide

AcceptAll Provider

{
  "Cesivi": {
    "Identity": {
      "Providers": {
        "AcceptAll": {
          "Enabled": true,
          "Priority": 1000,
          "DefaultUsername": "SHAREPOINT\\administrator"
        }
      }
    }
  }
}
Option Type Default Description
Enabled bool true Enable AcceptAll provider
Priority int 1000 Provider priority (lowest = fallback)
DefaultUsername string SHAREPOINT\administrator Default identity for unauthenticated requests

⚠️ Warning: Only use AcceptAll for development/testing!


Cache Configuration

Cesivi uses multiple specialized caches for performance.

{
  "Cesivi": {
    "Cache": {
      "CamlParse": {
        "MaxEntries": 2000,
        "MaxSizeMB": 10,
        "DefaultExpirationMinutes": 30
      },
      "CamlResult": {
        "MaxEntries": 1000,
        "MaxSizeMB": 50,
        "DefaultExpirationMinutes": 5
      },
      "Reflection": {
        "MaxEntries": 50000,
        "MaxSizeMB": 20
      },
      "ObjectPath": {
        "MaxEntries": 1000,
        "MaxSizeMB": 10,
        "DefaultExpirationMinutes": 10
      },
      "DirectoryScan": {
        "MaxEntries": 500,
        "MaxSizeMB": 5,
        "DefaultExpirationMinutes": 15
      },
      "Generic": {
        "MaxEntries": 10000,
        "MaxSizeMB": 100,
        "DefaultExpirationMinutes": 30
      }
    }
  }
}
Cache Purpose Default MaxEntries Default MaxSizeMB
CamlParse Parsed CAML query cache 2000 10
CamlResult CAML query result cache 1000 50
Reflection Reflection metadata cache 50000 20
ObjectPath CSOM object path cache 1000 10
DirectoryScan File system directory cache 500 5
Generic General-purpose cache 10000 100

Cache Entry Options:

Option Type Description
MaxEntries int Maximum number of cache entries
MaxSizeMB int Maximum cache size in megabytes
DefaultExpirationMinutes int Default entry expiration time

Session Management

{
  "Cesivi": {
    "Session": {
      "IdleTimeoutMinutes": 30,
      "CleanupIntervalMinutes": 5,
      "MaxSessionCount": 1000,
      "MaxIdentityCacheEntriesPerSession": 1000,
      "MaxObjectCacheEntriesPerSession": 500,
      "MemoryPressureThresholdMB": 500,
      "EnableLruEviction": true
    }
  }
}
Option Type Default Description
IdleTimeoutMinutes int 30 Session idle timeout
CleanupIntervalMinutes int 5 Session cleanup interval
MaxSessionCount int 1000 Maximum concurrent sessions
MaxIdentityCacheEntriesPerSession int 1000 Identity cache entries per session
MaxObjectCacheEntriesPerSession int 500 Object cache entries per session
MemoryPressureThresholdMB int 500 Memory threshold for aggressive cleanup
EnableLruEviction bool true Enable LRU cache eviction

Authentication (Legacy)

Legacy authentication settings (use Identity Providers instead for new deployments).

{
  "Cesivi": {
    "Authentication": {
      "AcceptAllCredentials": true,
      "AllowAnonymous": true,
      "EnableNTLM": true,
      "EnableJWT": true,
      "EnableBasic": true
    }
  }
}
Option Type Default Description
AcceptAllCredentials bool true Accept any credentials (dev only!)
AllowAnonymous bool true Allow anonymous requests
EnableNTLM bool true Enable NTLM authentication
EnableJWT bool true Enable JWT Bearer authentication
EnableBasic bool true Enable Basic authentication

Note: These settings are for backward compatibility. Use Identity.Providers for new deployments.


Kestrel/SSL Settings

{
  "Kestrel": {
    "Limits": {
      "MaxRequestBodySize": 2147483648
    },
    "Certificate": {
      "Path": "",
      "Password": "Passw0rd",
      "AllowInvalid": true
    }
  }
}
Option Type Default Description
Limits.MaxRequestBodySize long 2147483648 Max request body size (2GB)
Certificate.Path string "" Path to SSL certificate (.pfx)
Certificate.Password string "" Certificate password
Certificate.AllowInvalid bool true Allow invalid/self-signed certificates

Logging

{
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning",
      "Cesivi": "Information",
      "Cesivi.Common.Identity": "Debug"
    }
  }
}
Level Description
Trace Most verbose, every operation
Debug Debugging information
Information General operational info
Warning Warnings and potential issues
Error Errors only
Critical Critical failures only
None Disable logging

Useful Debug Settings:

{
  "Logging": {
    "LogLevel": {
      "Cesivi.Common.Identity": "Debug",
      "Cesivi.Common.Identity.Ntlm": "Debug",
      "Cesivi.Services.Csom": "Debug"
    }
  }
}

Plugins

{
  "Cesivi": {
    "Plugins": [
      {
        "Name": "MyCustomPlugin",
        "Assembly": "MyCompany.Cesivi.Plugins.dll",
        "Enabled": true,
        "Config": {
          "CustomSetting": "value"
        }
      }
    ]
  }
}

See: Plugin Guide


Complete Example

Full appsettings.json with all options:

{
  "Logging": {
    "LogLevel": {
      "Default": "Information",
      "Microsoft.AspNetCore": "Warning",
      "Cesivi": "Information"
    }
  },
  "AllowedHosts": "*",
  "Kestrel": {
    "Limits": {
      "MaxRequestBodySize": 2147483648
    },
    "Certificate": {
      "Path": "",
      "Password": "",
      "AllowInvalid": true
    }
  },
  "Cesivi": {
    "DataRootPath": "./MockData",
    "LogPath": "./MockData/Logs/Server",
    "HostName": "localhost",
    "UseHttps": false,
    "HttpPort": 5000,
    "HttpsPort": 5001,
    "StorageProvider": "FileSystem",
    "SqlitePath": "",
    "LiteDbPath": "",
    "SearchEngine": "TfIdf",

    "Identity": {
      "Providers": {
        "OAuth2": {
          "Enabled": false,
          "Priority": 50,
          "Authority": "http://localhost:8080",
          "Audience": "cesivi",
          "ValidateIssuer": true,
          "ValidateAudience": true,
          "ValidateLifetime": true,
          "ClaimMappings": {
            "Username": "preferred_username",
            "Email": "email",
            "DisplayName": "name"
          }
        },
        "NTLM": {
          "Enabled": false,
          "Priority": 100,
          "Backend": "Configuration",
          "Users": [
            {
              "Username": "administrator",
              "Domain": "SHAREPOINT",
              "DisplayName": "SharePoint Administrator",
              "Email": "admin@sharepoint.local",
              "Groups": ["Administrators"]
            }
          ],
          "ActiveDirectory": {
            "Server": "ldap://localhost",
            "BaseDN": "",
            "ServiceAccount": null,
            "ServiceAccountPassword": null,
            "UserSearchFilter": "(sAMAccountName={0})",
            "GroupSearchFilter": "(member={0})",
            "UseSsl": false,
            "SkipCertificateValidation": false,
            "ConnectionTimeout": 30,
            "CacheTimeoutSeconds": 300
          }
        },
        "AcceptAll": {
          "Enabled": true,
          "Priority": 1000,
          "DefaultUsername": "SHAREPOINT\\administrator"
        }
      }
    },

    "Session": {
      "IdleTimeoutMinutes": 30,
      "CleanupIntervalMinutes": 5,
      "MaxSessionCount": 1000,
      "MaxIdentityCacheEntriesPerSession": 1000,
      "MaxObjectCacheEntriesPerSession": 500,
      "MemoryPressureThresholdMB": 500,
      "EnableLruEviction": true
    },

    "Cache": {
      "CamlParse": {
        "MaxEntries": 2000,
        "MaxSizeMB": 10,
        "DefaultExpirationMinutes": 30
      },
      "CamlResult": {
        "MaxEntries": 1000,
        "MaxSizeMB": 50,
        "DefaultExpirationMinutes": 5
      },
      "Reflection": {
        "MaxEntries": 50000,
        "MaxSizeMB": 20
      },
      "ObjectPath": {
        "MaxEntries": 1000,
        "MaxSizeMB": 10,
        "DefaultExpirationMinutes": 10
      },
      "DirectoryScan": {
        "MaxEntries": 500,
        "MaxSizeMB": 5,
        "DefaultExpirationMinutes": 15
      },
      "Generic": {
        "MaxEntries": 10000,
        "MaxSizeMB": 100,
        "DefaultExpirationMinutes": 30
      }
    },

    "Authentication": {
      "AcceptAllCredentials": true,
      "AllowAnonymous": true,
      "EnableNTLM": true,
      "EnableJWT": true,
      "EnableBasic": true
    },

    "Plugins": []
  }
}

See Also


Last Updated: 2025-12-01